Mattermost supports workplace messaging for teams using one to three servers with instructions available in the Install Guides section of this documentation. See Software and Hardware Requirements documentation for server sizing estimates.

End users can securely share messages and files using a web-based Mattermost experience in Chrome, Firefox, Safari, and Edge. Please see Software and Hardware Requirements documentation for full details.

Native applications for iOS and Android are available for interacting with the Mattermost server and receiving encrypted push notifications from your private cloud. Organizations can use a Hosted Push Notification Service with encrypted communications to mobile apps on the App Store and Google Play, or deploy to an Enterprise App Store on your organization’s private network. A Test Push Notification Service is available for use while evaluating options.

The HTTPS connection to the Mattermost server renders pages and provides core functionality. It does not include real-time interactivity, which is enabled by the WSS connection.

If the HTTPS connection is not available, the Mattermost service will not work. HTTPS is a secure, encrypted protocol and is highly recommended for production. An unencrypted HTTP connection may be used in initial testing and configuration but it is not recommended for production.

The WSS connection to the Mattermost server enables real-time updates and notifications. If the WSS connection is not available, but HTTPS is available, the system will appear to work, but real-time updates and notifications will not work. Updates will only appear on a page refresh. WSS will be a persistent connection to the Mattermost server while you are connected, while HTTPS will be intermittent depending on when you load a page or a file.

Typically a “Mattermost unreachable” error message will be displayed warning users that the Mattermost server is either unreachable or the WebSocket connection is not properly configured.

WSS is a secure, encrypted connection and is highly recommended. An unencrypted WSS connection may be used in initial testing and configuration but it is not recommended for production.

Mattermost is intended to be installed within a private network which can offer multiple factors of authentication, including secure access to computing devices and physical locations.

If outside access is required, a virtual private network client (VPN), such as OpenVPN, with additional authentication used to connect to Mattermost for web, desktop, and mobile experiences, is recommended.

The organization upgrades to Mattermost Enterprise Edition to enable SAML single sign-on or enable MFA using Google Authenticator. For non-enterprise deployments, VPN is recommended.

If Mattermost is accessible from the open internet with no VPN or MFA set up, we recommended using it only for non-confidential, unimportant conversations where impact of a compromised system is not essential.

Apple Push Notification Service to send notifications to the Mattermost iOS app.

Google Push Notification Service to send notifications to the Mattermost Android app.

If you’re deploying mobile applications to an Enterprise App Store, your MPNS should be behind your firewall on your private network. If you’re using mobile apps in the App Store and Google Play, you can relay notifications to mobile apps using the Hosted Push Notification Service (HPNS) included with Mattermost Enterprise Edition.

HPNS does not connect to your mobile apps directly. It sends messages over an encrypted channel to Apple or Google which are relayed to the app users downloaded from the App Store or Google Play.

The proxy manages Secure Socket Layer (SSL) encryption and sets the policy on how network traffic will be routed to the Mattermost server.

Mattermost install guides include setup instructions for the NGNIX software proxy by default. For large scale deployments, a hardware proxy with dedicated devices for processing SSL encryption and decryption could potentially increase efficiencies.

In a high availability configuration (Enterprise Edition only) the proxy would also balance network load across multiple Mattermost servers.

Mattermost offers complete access to its Web Service APIs, along with incoming and outgoing webhooks, and slash command options for integrating with your on-premises systems.

Visit our app directory for dozens of open source integrations to common tools like Jira, Jenkins, GitLab, Trac, Redmine, and SVN, along with interactive bot applications (Hubot, mattermost-bot), and other communication tools (Email, IRC, XMPP, Threema) that are freely available for use and customization.

The Mattermost server installs as a single compiled binary file. All server settings are stored in a configuration file, config/config.json, which can be updated directly or via a web-based System Console user interface.

The entirety of the Mattermost server is accessible through a RESTful Web Service API. The API can be completely accessed by developers creating custom applications for Mattermost either directly or via Javascript and Golang drivers.

Large organizations needing sophisticated, high scale, high availability configurations can set up a highly available, horizontally scalable deployment. Contact the enterprise team for guidance on configuring and sizing Mattermost Enterprise Edition to support your specific needs.

For enterprise deployments, the Mattermost database can be configured with a master and multiple read replicas. The read replicas can be configured as a redundant backup to the active server, so that during hardware failures operation can be diverted to the read replica server without interrupting service. The safest configuration is to size the disk space on the read replica used for failover two to three times larger than storage available on master, so that if the master fails because it runs out of disk space it will fail over to a read replica with enough extra space to run smoothly until the master is corrected.

Mattermost can be deployed behind your company firewall on a private network with access from the outside via a Virtual Private Network (VPN). This means running a VPN client on the mobile devices and desktop computers that need to access Mattermost.

The Mattermost Push Notification Service (MPNS) should be behind your firewall on your private network. MPNS does not connect with mobile apps directly, it forwards push notifications from the Mattermost server to a relay service for the App Store or Google Play, or to mobile apps within an Enterprise App Store.

If Mattermost is available on the internet, we recommend Mattermost Enterprise Edition featuring SAML-based single sign-on and multi-factor authentication (MFA) using Google Authenticator.

The Mattermost Push Notification Service (MPNS) should be behind your firewall inside your private network. MPNS does not connect with mobile apps directly, it forwards push notifications from the Mattermost server to a relay service for iOS App Store or Google Play, or directly to mobile apps within an Enterprise App Store behind your firewall.

Mattermost mobile applications can also be deployed via EMM providers who support AppConfig such as Blackberry UEM, Mobileiron, and Airwatch. EMM solutions typically offer “App Tunnel” or per-app VPN capabilities that can be used to connect to mobile apps behind a VPN.